> String strAuth = request.getHeader("Authorization");
>  if (strAuth == null)
>  {
>      response.setStatus(response.SC_UNAUTHORIZED);
>      response.setHeader("WWW-Authenticate", "NTLM");
>      return;
>  }
> If I return a JSP page with status UNAUTHORIZED, then subsequent POST
> request will quit working.

I don't follow what you are doing. Below is a sample NTLM handshake.

1)    C -> S   GET ...

2)    S -> C   401 Unauthorized
               WWW-Authenticate: NTLM

3)    C -> S   GET ...
               Authorization: NTLM
               TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S

4)    S -> C   401 Unauthorized
               WWW-Authenticate: NTLM
               TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==

5)    C -> S   GET ...
               Authorization: NTLM
               TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAABQAFABAAAAADAAMAFQAAAASABIAYAAAAAAA
               AACiAAAAAYIAAFUAUgBTAEEALQBNAEkATgBPAFIAWgBhAHAAaABvAGQATABJAEcASABUAEMA
               SQBUAFkArYfKbe/jRoW5xDxHeoxC1gBmfWiS5+iX4OAN4xBKG/IFPwfH3agtPEia6YnhsADT

6)    S -> C   200 Ok


Is the code that you showed implementing step 2? If so, then how have
you already authenticated the client, as the hash is not sent until
step 5?
 
Please clarify what step of the NTLM handshake the code is attempting to
implement.

Better still, can you provide the HTTP trace of the conversation between
the client and the server? This can be obtained using a TCP sniffer from
the Jakarta Axis project. OK!

-lp
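
The handshake above, as an added example that is not part of the original message: a plain Java sketch that reads the NTLM message type from a header value and reports which step the server is at. The class and method names are hypothetical, `java.util.Base64` needs Java 8 or later, the step 3 and step 4 values are the ones from the trace, and the step 5 value is cut down to its 12-byte header.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NtlmStep {  // hypothetical name, not from the original thread
    static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    // Decode "NTLM <base64>"; null when the header is absent, bare, or not NTLMSSP.
    static byte[] decode(String header) {
        if (header == null || !header.startsWith("NTLM ")) return null;
        try {
            byte[] msg = Base64.getDecoder().decode(header.substring(5).trim());
            boolean ok = msg.length >= 12 && Arrays.equals(Arrays.copyOf(msg, 8), SIG);
            return ok ? msg : null;
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
    }

    // Message type: little-endian 32-bit integer at offset 8 (1, 2 or 3).
    static int type(byte[] msg) {
        return ByteBuffer.wrap(msg, 8, 4).order(ByteOrder.LITTLE_ENDIAN).getInt();
    }

    // What a server has to do for a given Authorization header value.
    static String serverAction(String authorization) {
        byte[] msg = decode(authorization);
        if (msg == null) return "step 2: 401 + 'WWW-Authenticate: NTLM' (nothing to verify yet)";
        switch (type(msg)) {
            case 1: return "step 4: 401 + 'WWW-Authenticate: NTLM <Type 2 with challenge>'";
            case 3: return "verify the response against the challenge, then step 6: 200";
            default: return "unexpected message type from a client: reject (this example's choice)";
        }
    }

    public static void main(String[] args) {
        String step3 = "NTLM TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S";
        String step4 = "NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==";
        String step5 = "NTLM TlRMTVNTUAADAAAA"; // constructed: only the 12-byte header of a Type 3
        System.out.println("no header -> " + serverAction(null));
        System.out.println("step 3    -> " + serverAction(step3));
        System.out.println("step 5    -> " + serverAction(step5));
        // The Type 2 challenge occupies bytes 24..31 of the server's message.
        byte[] challenge = Arrays.copyOfRange(decode(step4), 24, 32);
        System.out.println("challenge -> " + new String(challenge, StandardCharsets.US_ASCII));
    }
}
```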

